3 Replies Latest reply on Jun 20, 2005 1:00 PM by starksm64

    RemoteAddrValve to protect core apps?

      I'm looking for instructions on how to use RemoteAddrValve to protect web applications at the context level.

      Using JBoss 4.0.2, two HTTP connectors - one LAN one Internet.

      10.254.251.20:9006 & a.b.c.d:80

      I want to allow access to the web-console, jmx, etc., and a custom admin console web-app from the LAN (remote-address will be 10.254.*) but disable it for Internet remote clients.

      I've looked at Wiki articles and the Admin docs; they talk about it being possible at the Tomcat container level and simply link to Tomcat docs.

      http://wiki.jboss.org/wiki/Wiki.jsp?page=LimitAccessToCertainClients

      Following the instructions in those docs to create a per-context XML configuration hasn't met with success so far.

      I tried adding a context.xml to jboss/server/all/work/localhost/web-console/


      <Valve className="org.apache.catalina.valves.RemoteHostValve" allow="10.254.*.*" deny="*" />


      But it doesn't seem to be used.

        • 1. Re: RemoteAddrValve to protect core apps?

          Of course I meant to write

          <Context path="/web-console" docBase="D:\Server\jboss\server\all\deploy\management\console-mgr.sar\web-console.war" debug="1" privileged="true" >
           <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="10.254.*.*" deny="" />
          </Context>


          • 2. Re: RemoteAddrValve to protect core apps?

            I eventually found a location that gets read, by monitoring the file system for "FILE NOT FOUND" using Sysinternals' File Monitor.

            Placing context.xml in the web-console.war/WEB-INF/ folder creates the Valve:

            <Context debug="1" privileged="true" >
             <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="10.254.*.*" />
            </Context>

            Unfortunately, it creates TWO Valves!

            During deployment the same context.xml is being read twice, about 2-3 seconds apart, and a duplicate RemoteAddrValve is reported. I can't understand why context.xml is read again :-S

            Can anyone tell me if this is a bug?

            2005-06-17 05:00:33,847 DEBUG [org.jboss.web.tomcat.tc5.TomcatDeployer] Using session cookies default setting
            2005-06-17 05:00:34,003 DEBUG [org.apache.catalina.valves.ValveBase] valve parent=,path=/web-console,host=localhost jboss.web:j2eeType=WebModule,name=//localhost/web-console,J2EEApplication=none,J2EEServer=none
            2005-06-17 05:00:34,003 DEBUG [org.apache.catalina.valves.ValveBase] valve objectname = jboss.web:type=Valve,name=JaccContextValve,path=/web-console,host=localhost
            2005-06-17 05:00:34,003 DEBUG [org.apache.catalina.valves.ValveBase] valve parent=,path=/web-console,host=localhost jboss.web:j2eeType=WebModule,name=//localhost/web-console,J2EEApplication=none,J2EEServer=none
             2005-06-17 05:00:34,003 DEBUG [org.apache.catalina.valves.ValveBase] valve objectname = jboss.web:type=Valve,name=RemoteAddrValve,path=/web-console,host=localhost
             2005-06-17 05:00:34,003 DEBUG [org.apache.catalina.valves.ValveBase] valve parent=,path=/web-console,host=localhost jboss.web:j2eeType=WebModule,name=//localhost/web-console,J2EEApplication=none,J2EEServer=none
            2005-06-17 05:00:34,003 DEBUG [org.apache.catalina.valves.ValveBase] valve objectname = jboss.web:type=Valve,name=StandardContextValve,path=/web-console,host=localhost
            2005-06-17 05:00:34,394 DEBUG [org.jboss.web.tomcat.filters.ReplyHeaderFilter] Adding header name: X-Powered-By='Servlet 2.4; JBoss-4.0.2 (build: CVSTag=JBoss_4_0_2 date=200505022023)/Tomcat-5.5'
            2005-06-17 05:00:36,331 DEBUG [org.apache.catalina.valves.ValveBase] valve parent=,path=/web-console,host=localhost jboss.web:j2eeType=WebModule,name=//localhost/web-console,J2EEApplication=none,J2EEServer=none
             2005-06-17 05:00:36,346 DEBUG [org.apache.catalina.valves.ValveBase] Duplicate org.apache.catalina.valves.RemoteAddrValve@c9f93f org.apache.catalina.valves.RemoteAddrValve@aad0b StandardEngine[jboss.web].StandardHost[localhost].StandardContext[/web-console]
             2005-06-17 05:00:36,346 DEBUG [org.apache.catalina.valves.ValveBase] valve objectname = jboss.web:type=Valve,name=RemoteAddrValve,seq=1,path=/web-console,host=localhost
             2005-06-17 05:00:36,362 DEBUG [org.apache.catalina.valves.ValveBase] valve parent=,path=/web-console,host=localhost jboss.web:j2eeType=WebModule,name=//localhost/web-console,J2EEApplication=none,J2EEServer=none
            2005-06-17 05:00:36,362 DEBUG [org.apache.catalina.valves.ValveBase] valve objectname = jboss.web:type=Valve,name=SecurityAssociationValve,path=/web-console,host=localhost
            2005-06-17 05:00:36,378 DEBUG [org.apache.catalina.valves.ValveBase] valve parent=,path=/web-console,host=localhost jboss.web:j2eeType=WebModule,name=//localhost/web-console,J2EEApplication=none,J2EEServer=none
            2005-06-17 05:00:36,378 DEBUG [org.apache.catalina.valves.ValveBase] valve objectname = jboss.web:type=Valve,name=CustomPrincipalValve,path=/web-console,host=localhost
            2005-06-17 05:00:36,378 DEBUG [org.jboss.web.tomcat.tc5.TomcatDeployer] Initialized: {WebApplication: /D:/Server/jboss/server/all/deploy/management/console-mgr.sar/web-console.war/, URL: file:/D:/Server/jboss/server/all/deploy/management/console-mgr.sar/web-console.war/, classLoader: java.net.FactoryURLClassLoader@81b83c:8501308} jboss.web:j2eeType=WebModule,name=//localhost/web-console,J2EEApplication=none,J2EEServer=none
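
            The check described in reply 2, confirming from the deployment log that the access-control valve is attached to a context and attached only once, as an added example that is not part of the original posts. It assumes DEBUG logging for org.apache.catalina.valves.ValveBase as in the quoted log; the sample lines are constructed from that log, and the /jmx-console path and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the ValveBase DEBUG lines quoted in the thread.
# The /jmx-console line is an assumed context that carries no RemoteAddrValve.
SAMPLE_LOG = """\
2005-06-17 05:00:34,003 DEBUG [org.apache.catalina.valves.ValveBase] valve objectname = jboss.web:type=Valve,name=JaccContextValve,path=/web-console,host=localhost
2005-06-17 05:00:34,003 DEBUG [org.apache.catalina.valves.ValveBase] valve objectname = jboss.web:type=Valve,name=RemoteAddrValve,path=/web-console,host=localhost
2005-06-17 05:00:36,346 DEBUG [org.apache.catalina.valves.ValveBase] valve objectname = jboss.web:type=Valve,name=RemoteAddrValve,seq=1,path=/web-console,host=localhost
2005-06-17 05:00:36,362 DEBUG [org.apache.catalina.valves.ValveBase] valve objectname = jboss.web:type=Valve,name=SecurityAssociationValve,path=/web-console,host=localhost
2005-06-17 05:00:37,100 DEBUG [org.apache.catalina.valves.ValveBase] valve objectname = jboss.web:type=Valve,name=SecurityAssociationValve,path=/jmx-console,host=localhost
"""

# Captures the key=value list that follows "type=Valve," in a valve registration line.
OBJECTNAME = re.compile(r"valve objectname = \S*?type=Valve,(?P<props>\S+)")


def valves_by_context(log_text):
    """Map each context path to {valve name: number of registrations}."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = OBJECTNAME.search(line)
        if not m:
            continue
        props = dict(kv.split("=", 1) for kv in m.group("props").split(",") if "=" in kv)
        if "name" in props and "path" in props:
            # A seq=N suffix marks a repeat registration; it still counts as one more valve.
            seen[props["path"]][props["name"]] += 1
    return {path: dict(names) for path, names in seen.items()}


def audit(log_text, protected_paths, valve="RemoteAddrValve"):
    """Return {path: 'missing' | 'ok' | 'duplicate'} for contexts that must carry the valve."""
    found = valves_by_context(log_text)
    result = {}
    for path in protected_paths:
        count = found.get(path, {}).get(valve, 0)
        result[path] = "missing" if count == 0 else "ok" if count == 1 else "duplicate"
    return result


if __name__ == "__main__":
    for path, status in audit(SAMPLE_LOG, ["/web-console", "/jmx-console"]).items():
        print(f"{path}: RemoteAddrValve {status}")
```

            A "missing" result means the context is deployed without the address restriction, which is the condition the original question was trying to rule out.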
            


            • 3. Re: RemoteAddrValve to protect core apps?
              starksm64

              Create a bug report so someone can look into it:
              http://jira.jboss.com/jira/browse/JBAS